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AMENDMENTS TO THE CLAIMS: 

This listing of the claims will replace all prior versions, and listings, of the claims in this 
application: 



The Claims: 

1. (Currently Amended) A method, comprising: 

receiving., at a broker comprising a processor, a usage policy for constraints related to 
data of a user in a communication system, wherein said usage policy defines a strictness level 
value associated with the usage policy, where a strictness level value is a value assigned to a 
collection of privacy attributes; 

receiving a request for data associated with the user from a service provider in the 
communication system to the broker, wherein the service provider possesses a privacy policy 
and wherein said request comprises a strictness level value associated with the privacy policy 
of the service provider; 

checking, by the processor in the broker, the request against [[a]] the usage policy of the 
user by comparing the strictness level value associated with the usage policy to the strictness 
level value in the received request and associated with the privacy policy of the service 
provider; and 

sending a response to the service provider indicating whether the data can be released, 
based on the comparison of the strictness level values. 

2. (Previously Presented) The method of claim 1, wherein the usage policy is defined by 
the user. 

3. (Previously Presented) The method of claim 1, further comprising: providing the 
broker with a predefined set of privacy policies and usage policies. 

4. (Previously Presented) The method of claim 3, wherein the providing comprises 
providing the privacy policies and the usage policies comprising similar attributes with 
defined strictness level values. 



S.N.: 10/648,644 
Art Unit: 2432 



800.0148.U1 (US) 



5-6. (Canceled). 

7. (Previously Presented) The method of claim 1, further comprising: releasing user data 
when said strictness level value associated with the privacy policy is less than or equal to the 
strictness level value in the received request. 

8. (Previously Presented) The method of claim 1, further comprising: indicating, in the 
response by the broker, a strictness level value associated with the usage policy to the service 
provider when the strictness level value associated with the privacy policy is greater than the 
strictness level value associated with the usage policy. 

9. (Previously Presented) The method of claim 1, further comprising: allowing the user to 
reduce the strictness level value associated with the usage policy when the strictness level 
value associated with the privacy policy is greater than the strictness level value associated 
with the usage policy. 

10. (Previously Presented) The method of claim 1, further comprising: attaching an 
electronically signed usage policy to the data when the data is released. 

1 1 . (Currently Amended) A system, comprising: 

a service provider possessing comprising a memory configured to store a privacy policy; 

and 

a broker , comprising at least one processor and at least one memory including computer 
program code, where the at least one memory and the computer program code are configured 
to, with the at least one processor, cause the broker at least: 

hosting to host a usage policy for constraints related to data of a user, wherein said usage 
policy defines a strictness level value associated with the usage policy, where a strictness 
level value is a value assigned to a collection of privacy attributes, 

wherein the broker is configured to check a request from the service provider against the 
usage policy of the user by comparing the strictness level value associated with the usage 
policy to [[a]] the strictness level value associated with the privacy policy of the service 
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provider, wherein said request comprises the strictness level value associated with the privacy 
policy of the service provider, and 

the brok e r is configured to send a response to the service provider indicating whether data 
associated with the user can be released in response to the request based on the comparison of 
the strictness level values. 

12. (Currently Amended) A system, comprising: 

introducing means for introducing to a broker a usage policy for constraints related to 
data of a user, wherein said usage policy defines a strictness level value associated with the 
usage policy, where a strictness level value is a value assigned to a collection of privacy 
attributes; 

receiving means for receiving a request for data associated with the user from a service 
provider to the broker, wherein the service provider possesses a privacy policy and wherein 
said request comprises at least one strictness level value associated with the privacy policy; 

checking means for checking, in the broker, the request against the usage policy of the 
user by comparing the strictness level value associated with the usage policy to the strictness 
level value in the received request and associated with the privacy policy of the service 
provider; and 

sending means for sending a response to the service provider indicating whether the data 
can be released, based on the comparison of the strictness level param e t e r values. 

13. (Currently Amended) An apparatus, comprising: 
at least one memory including computer program code, 
at least one processor, 

wherein the at least one memory and the computer program code are configured to, with 
the at least one processor, cause the apparatus at least to 

receive a request for data associated with a user from a service provider, wherein the 
service provider possesses a privacy policy and wherein said request comprises a strictness 
level param e t e r value associated with the privacy policy, where a strictness level value is a 
value assigned to a collection of privacy attributes; 
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check the request against a usage policy of the user by comparing the strictness level 
value associated with the usage policy to [[a]] the strictness level value in the received 
request and associated with the privacy policy of the service provider, wherein said usage 
policy defines a strictness level value associated with the privacy usage policy of the s e rvic e 
provider ; and 

send a response to the service provider indicating whether the data can be released, based 
on the comparison of the strictness level parameter values. 

14. (Previously Presented) The apparatus of claim 13, wherein the at least one memory 
and the computer program code are further configured to, with the at least one processor, 
cause the apparatus at least to release user data when said strictness level value associated 
with the privacy policy is less than or equal to the strictness level value associated with the 
received usage policy. 

15. (Previously Presented) The apparatus of claim 13, wherein the at least one memory 
and the computer program code are further configured to, with the at least one processor, 
cause the apparatus at least to indicate, in the response, a strictness level value of the usage 
policy to the service provider when the strictness level value associated with the privacy 
policy is greater than the strictness level value associated with the usage policy. 

16. (Previously Presented) The apparatus of claim 13, wherein the at least one memory 
and the computer program code are further configured to, with the at least one processor, 
cause the apparatus at least to allow the user to reduce the strictness level value associated 
with the usage policy when the strictness level value associated with the privacy policy of the 
service provider is greater than the strictness level value associated with the usage policy. 

17. (Previously Presented) The apparatus of claim 13, wherein the at least one memory 
and the computer program code are further configured to, with the at least one processor, 
cause the apparatus at least to attach an electronically signed usage policy to the data when 
the data is released. 
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18. (Currently Amended) An apparatus, comprising: 

receiving means for receiving a request for data associated with a user from a service 
provider, wherein the service provider possesses a privacy policy and wherein said request 
comprises a strictness level value associated with the privacy policy of the service provider, 
where a strictness level value is a value assigned to a collection of privacy attributes; 

checking means for checking the request against a usage policy of the user by comparing 
a strictness level value associated with the usage policy to the strictness level value associated 
with the privacy policy, wherein said usage policy defines [[a]] the strictness level value 
associated with the usage policy; and 

sending means for sending a response to the service provider indicating whether the data 
can be released, based on the comparison of the strictness level paramet e r values. 

19. (Currently Amended) A computer-readable medium comprising computer- 
executable components, the components configured to: 

receive a usage policy for constraints related to data of a user in a communication system, 
wherein said usage policy defines a strictness level value associated with the usage policy, 
where a strictness level value is a value assigned to a collection of privacy attributes; 

receive a request for data associated with the user from a service provider in the 
communication system, wherein the service provider possesses a privacy policy and wherein 
said request comprises a strictness level value associated with the privacy policy; 

check the request against [[a]] the usage policy of the user by comparing the strictness 
level value in the usage policy to the strictness level value in the received request and 
associated with the privacy policy of the service provider; and 

send a response to the service provider indicating whether the data can be released, based 
on the comparison of the strictness level param e ter values. 

20. (Previously Presented) The medium of claim 19, wherein the usage policy is defined 
by the user. 

21. (Previously Presented) The medium of claim 19, wherein the components are 
configured to: receive a predefined set of privacy policies and usage policies. 
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22. (Previously Presented) The medium of claim 21, wherein receiving the predefined set 
comprises receiving the privacy policies and the usage policies comprising defined strictness 
level values. 

23-24. (Canceled). 

25. (Previously Presented) The medium of claim 19, wherein the components are 
configured to: release user data when said strictness level value associated with the privacy 
policy is less than or equal to the strictness level value associated with the usage policy. 

26. (Previously Presented) The medium of claim 19, wherein the components are 
configured to: 

indicate, in the response, a strictness level value to the service provider when the 
strictness level value associated with the privacy policy of the service provider is greater than 
the indicated strictness level value associated with the usage policy. 

27. (Currently Amended) The medium of claim 19, wherein the components are 
configured to: allow the user to reduce the strictness level value associated with the usage 
policy when the strictness level parameter value associated with the privacy policy of the 
service provider is greater than the strictness level value in the usage policy. 

28. (Previously Presented) The medium of claim 19, wherein the components are 
configured to: attach an electronically signed usage policy to the data when the data is 
released. 

29. (Previously Presented) The method of claim 1, where a strictness level value is 
defined at least in part as comprising: 

a "purpose" attribute describing a purposes of data collection or uses of data; 
a "retention" attribute indicating a retention policy; and 

an "access" attribute indicating whether the service provider provides access to collected 
data. 
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30. (Previously Presented) The method of claim 1, where a strictness level value 
associated with the usage policy is "privacy strict", where "privacy strict" is defined at least 
in part as: the "purpose" attribute being assigned a value of "current"; the "retention" 
attribute being assigned a value of "no retention"; and the "access" attribute being assigned a 
value of "nonident". 



8 



